What is it that you want to protect from data loss the most?

This can be a very difficult question, one that has created many products and solutions (inside and outside of IT…think insurance).  Other than the people, the most critical asset in most organizations is the information.  If it were not for that information, we wouldn’t need all of the switches, routers, servers, and storage.  If we aren’t protecting the data that we value most as a starting point, then what are we doing?

DLP (Data Loss Prevention) has been one of the dirtiest words of the last ten years.  It may even be considered worse than cloud, at least in security circles.  What made this term so unpalatable is that it somewhat implies that without these solutions branded Data Loss/Leakage Prevention we are losing and leaking data.  It implies that these solutions are the silver bullet.  The be-all and end-all.  Obviously marketing gone wild.  There is definitely some merit in this, though.  Applied correctly alongside other technologies, DLP can actually provide a fantastic last line of defense, a role that used to belong to endpoint anti-virus.

If the attack traffic got through the firewall, then the Network Intrusion Prevention System, then hopefully the endpoint anti-virus software would pick it up.  But what happens when it doesn’t?  What happens when the system has been compromised without detection for a while?  This is where the data starts to get pulled out of the network, or exfiltrated.

Assuming there is a compromise, let’s delve into the solutions that make up a DLP strategy and provide some examples of when each of them is used.  Ideally you’ll find which of the following solutions fits best in your environment today.